b'           OFFICE OF\n    THE INSPECTOR GENERAL\n\nSOCIAL SECURITY ADMINISTRATION\n\n\n\n     THE SOCIAL SECURITY\n      ADMINISTRATION\xe2\x80\x99S\n      COMPLIANCE WITH\n  THE EMPLOYEE RETIREMENT\n    INCOME SECURITY ACT\n\n   October 2004   A-14-04-24099\n\n\n\n\n AUDIT REPORT\n\x0c                                    Mission\nWe improve SSA programs and operations and protect them against fraud, waste,\nand abuse by conducting independent and objective audits, evaluations, and\ninvestigations. We provide timely, useful, and reliable information and advice to\nAdministration officials, the Congress, and the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xc2\x81 Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xc2\x81 Promote economy, effectiveness, and efficiency within the agency.\n  \xc2\x81 Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xc2\x81 Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xc2\x81 Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xc2\x81 Independence to determine what reviews to perform.\n  \xc2\x81 Access to all information necessary for the reviews.\n  \xc2\x81 Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nBy conducting independent and objective audits, investigations, and evaluations,\nwe are agents of positive change striving for continuous improvement in the\nSocial Security Administration\'s programs, operations, and management and in\nour own office.\n\x0c                                         SOCIAL SECURITY\n\nMEMORANDUM\n\n\nDate:   October 14, 2004                                                   Refer To:\n\nTo:     The Commissioner\n\nFrom:   Acting Inspector General\n\nSubject: The Social Security Administration\xe2\x80\x99s Compliance with the Employee Retirement Income\n        Security Act (A-14-04-24099)\n\n\n        OBJECTIVES\n        Our objectives were to: (1) determine how well the Social Security Administration (SSA)\n        is complying with provisions of the Employee Retirement Income Security Act (ERISA),\n        and (2) offer cost-effective recommendations to enhance SSA\xe2\x80\x99s processing of this\n        workload.\n\n        BACKGROUND\n        Congress enacted the ERISA in 1974 as a result of concerns that funds of private\n        pension plans were being mismanaged and abused. ERISA and the Internal Revenue\n        Code require more than 1 million private pension, welfare and fringe benefit plan\n        administrators to file Form 5500, Annual Return/Report of Employee Benefit Plan, with\n        the Internal Revenue Service (IRS) annually.1 This report includes Schedule SSA,\n        Annual Registration Statement Identifying Separated Participants With Deferred Vested\n        Benefits. The IRS is responsible for sharing information about certain accrued\n        employee benefits reported by private pension plans with SSA to enable SSA to provide\n        notice to potential private pension beneficiaries when they apply for Social Security\n        benefits. In addition, the IRS provides to SSA quarterly electronic Form 5500 updates\n        that reflect changes to pension plan administrators. Also, the Pension Benefit Guaranty\n        Corporation (PBGC) provides SSA with quarterly electronic updates when PBGC\n        assumes responsibility for certain insolvent plans.\n\n\n\n\n        1\n            See 26 United States Code Annotated (USCA) \xc2\xa7 6057 (2004).\n\x0cPage 2 \xe2\x80\x93 The Commissioner\n\nSSA\xe2\x80\x99s Responsibilities\n\nSSA is responsible under ERISA and the Social Security Act to take the information it\nobtains from the IRS and the PBGC and notify certain individuals that they may be\neligible for deferred vested benefits from private pension plans. SSA is responsible for\nnotifying each new Social Security or Medicare claimant for whom it has pension benefit\ninformation.2 This information can be used by the claimant to claim any pension\nbenefits due from the pension plan.\n\nSSA\xe2\x80\x99s Processing of the Data\n\nIRS initially receives all ERISA documents from pension plan administrators. ERISA\ndocuments may be filed electronically or on paper. IRS3 then scans and converts paper\ndocuments that follow a specified format to electronic files. These electronic files are\nsent to SSA along with electronically filed forms using the Department of Labor\xe2\x80\x99s (DOL)\nERISA Filing Acceptance System (EFAST). EFAST was created by DOL, IRS, and\nPBGC to streamline the process for filing and processing the Form 5500s. However,\nuntil recently, SSA had no means to process the electronic records.\n\nIRS sends all paper documents that cannot be scanned (i.e., paper documents that do\nnot follow the specified format) to SSA\xe2\x80\x99s Wilkes-Barre Data Operations Center\n(WBDOC) in Pennsylvania for manual processing. If the paper documents contain\nlegible and complete individual records, WBDOC personnel key the records into SSA\xe2\x80\x99s\nERISA database. The database files are forwarded to SSA\xe2\x80\x99s Office of Systems in\nHeadquarters to be incorporated into the ERISA notice job stream, which result in\nERISA notices that are sent to potential pension plan beneficiaries. If the paper\ndocuments that WBDOC receives contain illegible or incomplete records, they are not\nprocessed and entered into the ERISA database and are instead sent to Headquarters.\n\n\n\n\n2\n  42 USCA \xc2\xa7 1320b-1; 20 Code of Federal Regulations 422.122(a).\n3\n  Under a contractual agreement with IRS, DOL scans the documents and converts them to electronic\ndata records, which are then forwarded to SSA. Although this process is being performed by DOL, the\nprimary responsibility for obtaining the documents and providing legible and complete data remains with\nthe IRS.\n\x0cPage 3 \xe2\x80\x93 The Commissioner\n                                              The ERISA Process\n                                  IRS Sends Forms to SSA for    SSA May or May Not Be\n         Forms Are Received By\n                                          Processing             Able to Process the\n                  IRS\n                                                                     Documents\n\n\n\n\n             Scannable\n        Paper Documents Are\n        Converted to Electronic\n               Records\n                                                                    Some of These\n                                                                    Records Are Not\n                                    Electronic Records Are             Processed\n                                   Received at Headquarters       (The current system\n                                                                    only processes\n                                                                  beneficiary records)\n          Electronically Filed\n              Documents\n\n\n                                                                    If Legible, and\n                                                                                         Processing Results in\n                                                                  Complete, They are     Paper Notices Sent to\n                                                                   Manually Entered         Potential Future\n                                                                   and Processed at          Pension Plan\n                                                                                             Beneficiaries\n             Unscannable               Unscannable Paper                WBDOC\n         Paper Documents Are              Documents\n             Sent to SSA            Are Received at WBDOC\n\n                                                                     If Illegible, or\n                                                                 Incomplete, They Are\n                                                                  Not Processed and\n                                                                      Are Sent to\n                                                                     Headquarters\n\n\n\n\nRESULTS OF REVIEW\nSSA has complied with some of the requirements of ERISA by processing the paper\nSchedules SSA (Schedules) received at WBDOC, and by generating and issuing\nnotices using that information. However, SSA cannot fulfill all of its responsibilities\nunder ERISA because (1) a system to process quarterly electronic ERISA records for\nemployer changes is not fully operational, and (2) paper Schedules received on behalf\nof IRS sometimes contain incomplete and illegible data. Additionally, internal controls\ncan be strengthened to reduce the risk of error or fraud, and to safeguard SSA\xe2\x80\x99s\nbusiness process investment.\n\nSSA Is Making Progress by Processing Electronic ERISA Records\n\nUntil recently, SSA had been unable to meet many of its responsibilities under ERISA,\nsince it began receiving electronic Schedules via DOL\xe2\x80\x99s EFAST in December 2000.\nEFAST was created by DOL, IRS, and PBGC to streamline the process for filing and\nprocessing the Form 5500s. However, SSA was unable to process these EFAST\nrecords until June 2004 because there was no computerized system to process them.\nSince there was no system, SSA had a backlog of 8.87 million unprocessed EFAST\nrecords as of February 2004.4 The EFAST records include both potential beneficiary\nrecords, as well as changes to pension plan administrators.\n\n\n4\n Of the 8.87 million unprocessed EFAST records, 2.96 million are beneficiary records, and 5.91 million\nare potential pension plan administrator changes. SSA noted that an undetermined amount of the\n5.91 million pension plan administrator changes may be duplicates.\n\x0cPage 4 \xe2\x80\x93 The Commissioner\n\nAs a result of the unprocessed records, numerous individuals were not notified timely of\ntheir potential entitlement to receive deferred vested benefits from private pension\nplans, or they may have received notices containing inaccurate pension plan\nadministrator information. For example, if only 1 percent of the 2.96 million\nunprocessed beneficiary records would result in an ERISA notice, then approximately\n29,600 individuals would not have been informed timely of their potential entitlement to\napproximately $287.5 million in annual benefits.5\n\nIn September 2003, the Office of Systems received permission from the Commissioner\nto develop and implement an automated system to process these records. Shortly\nthereafter, the Agency initiated the ERISA project to develop a system for processing\nthe backlog of EFAST records. The ERISA Project Team identified many of the ERISA\nissues outlined in our report. Furthermore, in many cases, the Project Team has been\nproactive in developing plans to address issues discussed in this report. While this\nreport was being prepared, SSA implemented a system to process pension plan\nbeneficiary records in June 2004, and processed the existing backlog. However, it has\nnot yet determined the additional functionality needed to process the electronic records\nthat track changes in pension plan administrators. If plan administrator information is\nnot properly updated, notices could be sent with incorrect pension plan information.\nThese types of incorrect notices may result in inquiries by notice recipients, which SSA\nmust research and resolve. Implementation of this system could reduce the number of\nunnecessary public inquiries. SSA should continue with its plan for evaluating whether\nthese records need to be processed, and if so, then developing and implementing the\nsystem for processing EFAST records in accordance with SSA\xe2\x80\x99s established systems\ndevelopment lifecycle guidelines.\n\nDOL recently initiated the EFAST 2 project, which aims to further streamline the EFAST\nprocess through the use of the Internet. Even though SSA is a major participant in the\nERISA process, the Agency has not formally been invited to participate in this important\ninteragency project. If SSA does not participate in this project, the process for sending\ninformation via the Schedules may not be in a proper format or may not contain all\nrelevant information that SSA needs to process these documents. Also, SSA may have\nto build and/or modify existing software to accommodate the EFAST 2 data, if the\nsystem is developed without SSA\xe2\x80\x99s input. Therefore, SSA needs to participate in this\nendeavor to ensure that SSA\xe2\x80\x99s requirements for processing ERISA data are adequately\nmet.\n\n\n\n\n5\n  Based on Department of Labor\xe2\x80\x99s (DOL) data http://www.dol.gov/ebsa/publications/redbook/d_1.htm, the\naverage pension annuity amount in 1994 was $9,714. DOL staff indicated that 1994 data is the most\nrecent available. As a result, our projection is conservative.\n\x0cPage 5 \xe2\x80\x93 The Commissioner\n\n\nPaper Documents Contain Incomplete and Illegible Data\n\nFor the period October 2003 through March 2004,6 WBDOC processed approximately\n9.38 million hard copy (paper) beneficiary records from the IRS via the Schedules, and\nexpended 48.2 work years (or approximately $2.1 million7) processing these records.\nThe legible and complete records on the paper documents were manually entered into\nSSA\xe2\x80\x99s ERISA database for processing.\n\nSSA personnel estimated that between 25-50 percent of the paper records were\nincomplete and illegible and, therefore, could not be processed without additional work\nto obtain complete and legible data. A Memorandum of Understanding (MOU) between\nSSA and IRS requires IRS to send SSA complete and legible data, and IRS agrees to\ncorrespond with the plan sponsors for corrections when the data is incomplete or\nillegible. However, rather than send incomplete and illegible records back to IRS for\ncorrection, WBDOC processed the records after contacting the plan administrators to\nobtain complete and legible data.\n\nThe Agency was unable to provide data to estimate the personnel cost or amount of\ntime spent contacting plan administrators to obtain complete and legible data. As a\nresult, we cannot estimate the part that could have been saved. SSA should return\nincomplete and illegible records to IRS for correction in accordance with the MOU.\n\nFurthermore, when WBDOC ultimately cannot obtain complete and legible data, it does\nnot process the records and, instead, sends them to the Office of Systems. In past\nyears, Office of Systems\xe2\x80\x99 personnel have discarded some of these records rather than\nreturn them to IRS for the records to be corrected. The Office of Systems currently has\nseveral stacks of unprocessed documents that WBDOC could not process. Based upon\nWBDOC\xe2\x80\x99s methodology (see Appendix B), we estimated, as of March 12, 2004, the\ndocuments that could not be processed represented approximately 85,540 records. As\na result, the individuals on these records may not be informed of their potential eligibility\nfor deferred pension plan benefits when they initially file for Social Security or Medicare\nbenefits.\n\nDuring our audit, SSA informed IRS of the incomplete and illegible documents and\nrequested a name and address to return them. IRS stated it had no procedure or staff\nin place to process the documents. Consequently, SSA was unable to return the\ndocuments to IRS for correction. Furthermore, not only has IRS asked SSA to\nrenegotiate the existing MOU, it has asked SSA for funding to perform duties related to\nthe Schedules SSA previously performed without cost to SSA. SSA needs to determine\nwhat its responsibilities are under ERISA regarding these incomplete and illegible\n\n6\n  We did not estimate the annual number of ERISA records that were processed for several reasons:\n(1) the ERISA workload is seasonal in nature; (2) the quantities vary from year to year; and (3) the\nworkload is only processed from October through January of each year.\n7\n  According to SSA, the Agency expended 48.2 work years in FY 2004 processing the ERISA workload,\nat a cost of $43,400 per work year.\n\x0cPage 6 \xe2\x80\x93 The Commissioner\n\ndocuments. SSA also needs to determine what its obligations are concerning the\nexisting MOU with IRS regarding these documents.\n\nNo Interagency Agreement with PBGC\n\nPBGC was established by ERISA in 1974 to assume responsibility for certain insolvent\nplans. PBGC forwards a quarterly file to SSA, so that SSA\xe2\x80\x99s database can be updated\nto reflect PBGC as administrator for those plans. However, SSA has no interagency\nagreement with PBGC to define both parties\xe2\x80\x99 roles and responsibilities. The Agency\ncould not provide an explanation as to why it did not implement an interagency\nagreement with PBGC. As a result, SSA cannot ensure that PBGC consistently fulfills\nits obligations to SSA under ERISA. Without such an agreement, PBGC could change\nthe way it handles the ERISA data it provides to SSA. SSA often implements\ninteragency agreements when there is a shared responsibility to receive and/or provide\ninformation with another agency. Additionally, because SSA has a systems investment\nin this business process, it is good business practice to have a formal agreement in\nplace to define both parties\xe2\x80\x99 responsibilities for processing the ERISA data. Therefore,\nSSA should develop and implement an MOU with PBGC.\n\nProgrammer Access to ERISA Database\n\nWhen an individual contacts SSA regarding a complex, inaccurate ERISA notice, the\ninquiry is generally handled by an SSA ERISA analyst with the assistance of an ERISA\nprogrammer in SSA\'s Office of Systems. In such cases, programmers can contact\npension plan administrators via telephone to obtain specific information regarding an\nindividual\xe2\x80\x99s record in SSA\xe2\x80\x99s ERISA database. If the record is incorrect, the programmer\nthen has the ability to change or delete the record in the ERISA database. We found\nthere is no audit trail or record of the transaction or appropriate compensating controls\nover this process.8\n\nIf due care is not exercised to prohibit improper changes to the database, legal issues\nmay arise concerning an individual\xe2\x80\x99s rights under ERISA. The Office of Management\nand Budget\xe2\x80\x99s (OMB) standards regarding segregation of duties9 require that key duties\nand responsibilities are divided among different people to reduce the risk of error. Also,\nOMB\'s principle of least privilege10 calls for agencies to restrict a user\'s access to the\nminimum needed to perform his or her job duties. In addition, the issue of inappropriate\naccess to data files by programmers has also been part of the reportable condition11\n8\n  While these types of inquiries are not voluminous, on average, they occur several times per month, and\none inquiry could result in changes or deletions to multiple records in the database.\n9\n  Appendix III to Office of Management and Budget\xe2\x80\x99s Circular No. A-130, Security of Federal Automated\nInformation Resources, Section 3(a)2(c).\n10\n   Id.\n11\n   A reportable condition is a significant deficiency in the design or operation of internal controls that could\nadversely affect the Agency\xe2\x80\x99s ability to meet the internal control objectives prescribed by OMB. The\nSocial Security Administration\xe2\x80\x99s Fiscal Year 2003 Performance and Accountability Report included the\nissue of application programmers having access to production data in the reportable condition concerning\ninformation protection weaknesses.\n\x0cPage 7 \xe2\x80\x93 The Commissioner\n\nidentified during SSA\xe2\x80\x99s annual financial statement audit. Furthermore, the process to\nmake changes to the ERISA database is not formally documented in SSA\xe2\x80\x99s policies and\nprocedures manual. SSA should ensure adequate controls are in place to prevent\nprogrammers from improperly changing or deleting records contained in the ERISA\ndatabase, and SSA should document formal procedures for handling ERISA inquiries\nfrom the public.\n\nFormal Operating Procedures\n\nCurrent operating procedures are outdated and do not address the procedures that\nchanged as a result of the June 2004 software implementation to process the electronic\nrecords. The lack of formal operating procedures could result in inconsistent, inefficient,\nand/or incorrect responses to public inquiries by SSA personnel. Therefore, SSA needs\nto implement written operating procedures to adequately address the ERISA process,\nincluding changes resulting from the June 2004 software implementation.\n\nRECOMMENDATIONS\nWe recommend SSA:\n\n1. Continue to develop and implement its system to process all electronic EFAST\n   records as soon as practicable.\n\n2. Formally participate on the development team for DOL\xe2\x80\x99s EFAST 2 project.\n\n3. Determine what its responsibilities are under ERISA and its obligations concerning\n   the MOU with IRS regarding incomplete and illegible documents.\n\n4. Develop and implement an MOU with PBGC to specify roles and responsibilities of\n   both parties regarding the sharing of information.\n\n5. Ensure adequate controls are in place to prevent improper changes or deletions of\n   records in the ERISA database.\n\n6. Document and implement formal procedures for the ERISA process, including the\n   handling of ERISA inquiries from the public.\n\x0cPage 8 \xe2\x80\x93 The Commissioner\n\nAGENCY COMMENTS AND OIG RESPONSE\nSSA agreed with our recommendations. The Agency had one substantive concern\nregarding the estimate of work year savings which could not be accurately projected\ndue to the lack of available data. Therefore, we removed the work year estimation from\nthe report. The Agency also provided technical comments that we considered and\nincorporated, where appropriate. The text of SSA\'s comments is included in\nAppendix C. We commend SSA for its ongoing efforts to comply with ERISA.\n\n\n\n\n                                                     S\n                                                     Patrick P. O\xe2\x80\x99Carroll, Jr.\n\x0c                               Appendices\nAPPENDIX A \xe2\x80\x93 Acronyms\n\nAPPENDIX B \xe2\x80\x93 Scope and Methodology\n\nAPPENDIX C \xe2\x80\x93 Agency Comments\n\nAPPENDIX D \xe2\x80\x93 OIG Contacts and Staff Acknowledgments\n\x0c                                                     Appendix A\n\nAcronyms\n\n DOL       Department of Labor\n EFAST     ERISA Filing Acceptance System\n ERISA     Employee Retirement Income Security Act\n IRS       Internal Revenue Service\n MOU       Memorandum of Understanding\n OMB       Office of Management and Budget\n PBGC      Pension Benefit Guaranty Corporation\n SSA       Social Security Administration\n USCA      United States Code Annotated\n WBDOC     Wilkes-Barre Data Operations Center\n\x0c                                                                         Appendix B\n\nScope and Methodology\nTo accomplish our objectives, we reviewed applicable policies, procedures, laws and\nregulations related to the Employee Retirement Income Security Act (ERISA), and\nERISA systems development information. We interviewed SSA personnel in\nHeadquarters and at Wilkes-Barre Data Operations Center (WBDOC) in Wilkes-Barre,\nPennsylvania.\n\nTo estimate the quantity of unprocessed ERISA paper records maintained by the Office\nof Systems, we weighed them using the postal scale located in SSA\xe2\x80\x99s mail room. The\ntotal weight of all the packages was 61.1 pounds. We then applied the estimating\nmethodology routinely used by WBDOC to estimate the number of ERISA records, as\nfollows:\n\n          61.1 pounds @ 100 pages per pound = 6,110 pages\n          6,110 pages x 14 records per page = 85,540 records\n\nWe performed our work between December 2003 and April 2004. We conducted our\nreview in accordance with generally accepted government auditing standards.\n\nThe data in this report was used to provide background information only and was not\ndeemed necessary to support findings and recommendations. Therefore, we did not\ndetermine the reliability of that data, and any limitations of the data used in the context\nof this assignment should not lead to an incorrect or unintentional conclusion.\n\x0c                  Appendix C\n\nAgency Comments\n\x0c                                         SOCIAL SECURITY\n\nMEMORANDUM                                                                      34077-24-1226\n\n\n           September 7, 2004                                                    Refer To: S1J-3\n\nTo:          Patrick P. O\'Carroll, Jr.\n             Acting Inspector General\n\nFrom:        Larry W. Dye      /s/\n             Chief of Staff\n\nSubject:     Office of the Inspector General (OIG) Draft Report "The Social Security Administration\'s\n             Compliance With the Employee Retirement Income Security Act" (A-14-04-24099)--\n             INFORMATION\n\n\n           We appreciate OIG\xe2\x80\x99s efforts in conducting this review. Our comments on the draft report\n           content and recommendations are attached.\n\n           Please let me know if you have any questions. Staff inquiries may be directed to\n           Candace Skurnik, Director, Audit Management and Liaison Staff, at extension 54636.\n\n           Attachment:\n           SSA Response\n\n\n\n\n                                                        C-1\n\x0cCOMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL (OIG) DRAFT\nREPORT \xe2\x80\x9cTHE SOCIAL SECURITY ADMINISTRATION\'S COMPLIANCE WITH\nTHE EMPLOYEE RETIREMENT INCOME SECURITY ACT\xe2\x80\x9d\n(A-14-04-24099)\n\n\nThank you for the opportunity to review and comment on the draft report. Overall, we agree\nwith the report\xe2\x80\x99s conclusions and recommendations. We are pleased that the review recognizes\nour effort to comply with Employee Retirement Income Security Act (ERISA) requirements.\nOur responses to the recommendations and suggested technical comments below provide\ninformation or updated language on the actions we have taken or plan to take to move toward\nfulfillment of all of our responsibilities under ERISA.\n\nWe have one substantive concern about the calculation of estimated savings related to processing\nincomplete and/or illegible ERISA forms (page 5 of the report and Appendix B). The report\nnotes that the forms required additional work compared to forms that were complete and legible.\nHowever, the estimate of the cost of processing this work assumes the same unit time as the\noverall workload and then identifies all of the processing time associated with processing the\nincomplete or illegible forms as the potential savings. As calculated, the estimate assumes this\nrepresents the savings by concluding that these records should have been sent back to the\nInternal Revenue Service (IRS) to be resolved. Since the records would ultimately have to be\nprocessed after the incomplete and/or illegible fields are resolved, the actual savings are the time\nand costs of only the Social Security Administration (SSA) work that would have been in\naddition to the effort of processing other complete and legible records; i.e., the time we spent\nresolving the incomplete and/or illegible fields. Additionally, because the report does not\nprovide information on how much additional time we spent to process records that are\nincomplete or illegible, the potential savings cannot be estimated.\n\nRecommendation 1\n\nSSA should continue to develop and implement its system to process all electronic ERISA Filing\nAcceptance System (EFAST) records as soon as practicable.\n\nResponse\n\nWe agree. The system to process the EFAST records was released on June 10, 2004. As of June\n25, 2004, all of the backlogged files were processed and updated to our ERISA master file.\nPhase II of ERISA EFAST is being considered by the Information Technology Advisory Board\nfor implementation in fiscal year 2005.\n\nRecommendation 2\n\nSSA should formally participate on the development team for Department of Labor\xe2\x80\x99s (DOL)\nEFAST 2 project.\n\n\n\n\n                                                C-2\n\x0cResponse\n\nWe agree. We plan to work closely with DOL on the EFAST 2 project.\n\nRecommendation 3\n\nSSA should determine what its responsibilities are under ERISA and its obligations concerning\nthe memorandum of understanding (MOU) with IRS regarding incomplete and illegible\ndocuments.\n\nResponse\n\nWe agree. Both IRS\xe2\x80\x99s and SSA\xe2\x80\x99s responsibilities regarding receiving incomplete and illegible\ndocuments from IRS are contained in the existing MOU. Currently, our General Counsel (GC)\nis evaluating the implications of IRS\xe2\x80\x99s non-compliance with the existing MOU to identify a\npossible resolution. Additionally, we are in the process of negotiating a new MOU with IRS and\nthe issue of incomplete forms processing will be addressed during those negotiations.\n\nRecommendation 4\n\nSSA should develop and implement an MOU with the Pension Benefit Guarantee Corporation\n(PBGC) to specify roles and responsibilities of both parties regarding the sharing of information.\n\nResponse\n\nWe agree. The final version MOU between SSA and PBGC is currently being reviewed by our\nGC.\n\nRecommendation 5\n\nEnsure adequate controls are in place to prevent improper changes or deletions of records in the\nERISA database.\n\nResponse\n\nWe agree. At the time of this review, OIG was evaluating the activity undertaken by our Office\nof Systems programmers who were contacting pension plan administrators to obtain information\nto change the database. We are aware of the need for guidelines on record changes and deletions\nfor the ERISA workload to ensure separation of duties and will address ERISA access control\nissues as part of the Agency\xe2\x80\x99s Standardized Security Profile Project.\n\nRecommendation 6\n\nDocument and implement formal procedures for the ERISA process, including the handling of\nERISA inquiries from the public.\n\n\n\n\n                                               C-3\n\x0cResponse\n\nWe agree. We have issued Program Operations Manual System instructions for Operations staff\n(field offices and teleservice centers) regarding handling inquiries from the public. We are\ncurrently developing procedures for our headquarters staff in the Division of Employer Services.\nIt should be noted that all of the procedures will include instructions for correcting the ERISA\ndatabase in an effort to ensure that controls are in place to prevent improper changes or deletions\nof records as they relate to recommendation 5 above.\n\n[In addition to the items listed above, SSA provided technical comments which have\nbeen addressed in this report, where appropriate.]\n\n\n\n\n                                                C-4\n\x0c                                                                       Appendix D\n\nOIG Contacts and Staff Acknowledgments\nOIG Contacts\n\n    Kitt Winter, Director (410) 966-9702\n\n    Albert Darago, Audit Manager (410) 965-9710\n\nAcknowledgments\n\nIn addition to those named above:\n\n    Anita McMillan, Senior Systems Auditor\n\n    Deborah Kinsey, Senior Systems Auditor\n\nFor additional copies of this report, please visit our web site at www.ssa.gov/oig or\ncontact the Office of the Inspector General\xe2\x80\x99s Public Affairs Specialist at (410) 966-3218.\nRefer to Common Identification Number A-14-04-24099.\n\x0c                           DISTRIBUTION SCHEDULE\n\n\nCommissioner of Social Security\nOffice of Management and Budget, Income Maintenance Branch\nChairman and Ranking Member, Committee on Ways and Means\nChief of Staff, Committee on Ways and Means\nChairman and Ranking Minority Member, Subcommittee on Social Security\nMajority and Minority Staff Director, Subcommittee on Social Security\nChairman and Ranking Minority Member, Subcommittee on Human Resources\nChairman and Ranking Minority Member, Committee on Budget, House of\nRepresentatives\nChairman and Ranking Minority Member, Committee on Government Reform and\nOversight\nChairman and Ranking Minority Member, Committee on Governmental Affairs\nChairman and Ranking Minority Member, Committee on Appropriations, House of\nRepresentatives\nChairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,\nEducation and Related Agencies, Committee on Appropriations,\n House of Representatives\nChairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Subcommittee on Labor, Health and Human\nServices, Education and Related Agencies, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Committee on Finance\nChairman and Ranking Minority Member, Subcommittee on Social Security and Family\nPolicy\nChairman and Ranking Minority Member, Senate Special Committee on Aging\nSocial Security Advisory Board\n\x0c               Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Executive Operations (OEO). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                        Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure\nprogram objectives are achieved effectively and efficiently. Financial audits assess whether\nSSA\xe2\x80\x99s financial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash\nflow. Performance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs\nand operations. OA also conducts short-term management and program evaluations and projects\non issues of concern to SSA, Congress, and the general public.\n\n\n                                    Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n\n                   Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n                               Office of Executive Operations\nOEO supports OIG by providing information resource management and systems security. OEO\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, OEO is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c'